2 most common UNIX email servers Ans✓✓✓Postfix and Sendmail
4 categories of forensic linguistics Ans✓✓✓- Language and law
- Language in the legal process
- Language as evidence
- Research/training
ACP Ans✓✓✓Attorney-client privilege.
Acquiring data with 'dd' in Linux Ans✓✓✓- "data dump" command.
Creates an exact bit-for-bit raw format file of the media device.
Shortcomings
- Requires more advanced skills than average user
- Does not compress data
- Intended as a data management tool, not for digital forensics
Can be paired with the 'split' command to segment output into separate
volumes
Acquiring data with a Linux live boot Ans✓✓✓- configured not to
mount, or to mount as read-only, any connected storage media
- Well designed live-boots for forensics include
o Penguin Sleuth Kit
o CAINE
o Deft
o Kali Linux
o Knoppix
o SANS Investigative Forensic Toolkit (SIFT)
- Fdisk - manages partitions in Linux
- Mkfs.msdos - formats a FAT file system for Linux
Advantages of using acquisition tools for Windows Ans✓✓✓Advantages
- Make acquiring evidence from a suspect drive more convenient
o Especially when used with hot-swappable devices
Disadvantages
- Must protect acquired data with a well-tested write-blocking hardware
device
- Tools can't acquire data from a disk's host protected area
- Some countries haven't accepted the use of write-blocking devices for
data acquisitions.
Affidavit Ans✓✓✓sworn statement of support of facts about or
evidence of a crime
- Must include exhibits that support the allegation
alternate data streams Ans✓✓✓Ways data can be appended to existing
files
- Can obscure valuable evidentiary data, intentionally or by
coincidence
ANAB Ans✓✓✓ANSI-ASQ National Accreditation Board (ANAB) -
provides accreditation of crime and forensics labs worldwide. Audits
lab functions and procedures.
ANSI-ASQ National Accreditation Board (ANAB) Ans✓✓✓- provides
accreditation of crime and forensics labs worldwide
o Includes labs that analyze digital evidence
- Audits lab functions and procedures
Article 8 Charter of Rights Ans✓✓✓Protects Canadian citizens' right to
be secure from search and seizure. Separate search warrants might not
be necessary for digital evidence.
Article 8 of the Charter of Rights and Freedoms Ans✓✓✓protects
everyone's right to be secure from search and seizure.
Auditing a forensics lab Ans✓✓✓ensures proper enforcing of policies
Should include inspecting the following facility components and
practices
- Ceiling, floor, roof and exterior walls of the lab
- Doors and door locks
- Visitor logs
- Evidence container logs
- At the end of every workday, secure any evidence that's not being
processed in a forensic workstation
Autopsy Ans✓✓✓- Digital forensics software
- Can:
o Search for keywords
o Display the results
o Examine data
o Export data
o Search for specific filenames (keywords?)
o Generate a report of your activities.
Bad Block Inode Ans✓✓✓Keeps track of a disk's bad sectors.
Find in Linux using commands:
- badblocks as admin
- mke2fs and e2fsck for read-only
Basic Requirements for a digital forensics workstation Ans✓✓✓-
Running Windows 7 or later
- Write-blocker device
- Digital forensics acquisition tool
- Digital forensics analysis tool
- Target drive to receive the source or suspect disk data
- Spare PATA or SATA ports
- USB ports